Description

CVE: CVE-2012-1638

The Search Autocomplete module allows you to add autocomplete functionality to the search fields of a Drupal site.

Search Autocomplete does not properly use Drupal's database API, making it possible for a malicious user to carryout SQL injection on the site. This vulnerability is mitigated by the fact that users must have a role with permission "use search_autocomplete" to exploit.

Versions affected

Search Autocomplete versions prior to 7.x-2.1.

Drupal core is not affected. If you do not use the contributed Search Autocomplete module, there is nothing you need to do.